Functions | |
| int | hx509_cms_wrap_ContentInfo (const heim_oid *oid, const heim_octet_string *buf, heim_octet_string *res) |
| int | hx509_cms_unwrap_ContentInfo (const heim_octet_string *in, heim_oid *oid, heim_octet_string *out, int *have_data) |
| int | hx509_cms_unenvelope (hx509_context context, hx509_certs certs, int flags, const void *data, size_t length, const heim_octet_string *encryptedContent, heim_oid *contentType, heim_octet_string *content) |
| int | hx509_cms_envelope_1 (hx509_context context, int flags, hx509_cert cert, const void *data, size_t length, const heim_oid *encryption_type, const heim_oid *contentType, heim_octet_string *content) |
| int | hx509_cms_verify_signed (hx509_context context, hx509_verify_ctx ctx, const void *data, size_t length, const heim_octet_string *signedContent, hx509_certs pool, heim_oid *contentType, heim_octet_string *content, hx509_certs *signer_certs) |
| int | hx509_cms_create_signed_1 (hx509_context context, int flags, const heim_oid *eContentType, const void *data, size_t length, const AlgorithmIdentifier *digest_alg, hx509_cert cert, hx509_peer_info peer, hx509_certs anchors, hx509_certs pool, heim_octet_string *signed_data) |
| int hx509_cms_create_signed_1 | ( | hx509_context | context, | |
| int | flags, | |||
| const heim_oid * | eContentType, | |||
| const void * | data, | |||
| size_t | length, | |||
| const AlgorithmIdentifier * | digest_alg, | |||
| hx509_cert | cert, | |||
| hx509_peer_info | peer, | |||
| hx509_certs | anchors, | |||
| hx509_certs | pool, | |||
| heim_octet_string * | signed_data | |||
| ) |
Decode SignedData and verify that the signature is correct.
| context | A hx509 context. | |
| flags | ||
| eContentType | the type of the data. | |
| data | data to sign | |
| length | length of the data that data point to. | |
| digest_alg | digest algorithm to use, use NULL to get the default or the peer determined algorithm. | |
| cert | certificate to use for sign the data. | |
| peer | info about the peer the message to send the message to, like what digest algorithm to use. | |
| anchors | trust anchors that the client will use, used to polulate the certificates included in the message | |
| pool | certificates to use in try to build the path to the trust anchors. | |
| signed_data | the output of the function, free with der_free_octet_string(). |
| int hx509_cms_envelope_1 | ( | hx509_context | context, | |
| int | flags, | |||
| hx509_cert | cert, | |||
| const void * | data, | |||
| size_t | length, | |||
| const heim_oid * | encryption_type, | |||
| const heim_oid * | contentType, | |||
| heim_octet_string * | content | |||
| ) |
Encrypt end encode EnvelopedData.
Encrypt and encode EnvelopedData. The data is encrypted with a random key and the the random key is encrypted with the certificates private key. This limits what private key type can be used to RSA.
| context | A hx509 context. | |
| flags | flags to control the behavior, no flags today | |
| cert | Certificate to encrypt the EnvelopedData encryption key with. | |
| data | pointer the data to encrypt. | |
| length | length of the data that data point to. | |
| encryption_type | Encryption cipher to use for the bulk data, use NULL to get default. | |
| contentType | type of the data that is encrypted | |
| content | the output of the function, free with der_free_octet_string(). |
| int hx509_cms_unenvelope | ( | hx509_context | context, | |
| hx509_certs | certs, | |||
| int | flags, | |||
| const void * | data, | |||
| size_t | length, | |||
| const heim_octet_string * | encryptedContent, | |||
| heim_oid * | contentType, | |||
| heim_octet_string * | content | |||
| ) |
Decode and unencrypt EnvelopedData.
Extract data and parameteres from from the EnvelopedData. Also supports using detached EnvelopedData.
| context | A hx509 context. | |
| certs | Certificate that can decrypt the EnvelopedData encryption key. | |
| flags | HX509_CMS_UE flags to control the behavior. | |
| data | pointer the structure the contains the DER/BER encoded EnvelopedData stucture. | |
| length | length of the data that data point to. | |
| encryptedContent | in case of detached signature, this contains the actual encrypted data, othersize its should be NULL. | |
| contentType | output type oid, should be freed with der_free_oid(). | |
| content | the data, free with der_free_octet_string(). |
| int hx509_cms_unwrap_ContentInfo | ( | const heim_octet_string * | in, | |
| heim_oid * | oid, | |||
| heim_octet_string * | out, | |||
| int * | have_data | |||
| ) |
Decode an ContentInfo and unwrap data and oid it.
| in | the encoded buffer. | |
| oid | type of the content. | |
| out | data to be wrapped. | |
| have_data | since the data is optional, this flags show dthe diffrence between no data and the zero length data. |
| int hx509_cms_verify_signed | ( | hx509_context | context, | |
| hx509_verify_ctx | ctx, | |||
| const void * | data, | |||
| size_t | length, | |||
| const heim_octet_string * | signedContent, | |||
| hx509_certs | pool, | |||
| heim_oid * | contentType, | |||
| heim_octet_string * | content, | |||
| hx509_certs * | signer_certs | |||
| ) |
Decode SignedData and verify that the signature is correct.
| context | A hx509 context. | |
| ctx | a hx509 version context | |
| data | ||
| length | length of the data that data point to. | |
| signedContent | ||
| pool | certificate pool to build certificates paths. | |
| contentType | free with der_free_oid() | |
| content | the output of the function, free with der_free_octet_string(). | |
| signer_certs | list of the cerficates used to sign this request, free with hx509_certs_free(). |
| int hx509_cms_wrap_ContentInfo | ( | const heim_oid * | oid, | |
| const heim_octet_string * | buf, | |||
| heim_octet_string * | res | |||
| ) |
Wrap data and oid in a ContentInfo and encode it.
| oid | type of the content. | |
| buf | data to be wrapped. If a NULL pointer is passed in, the optional content field in the ContentInfo is not going be filled in. | |
| res | the encoded buffer, the result should be freed with der_free_octet_string(). |
1.5.4